Hey guys, I recently graduated from school (background in software development and security) and started a job for the federal government as a security assessor. I’m very thankful to have found a good-paying and secure job right after graduating from college. With that being said, I wanted to know what the outlook is for security assessors going forward. Will they be in demand in the future? Will they be replaced? How much money can one make with 5-10 years of experience in the field?
The reason I ask is not because I am scared of losing my job, but because I’m scared of becoming stagnant. In my spare time I’m working towards getting my Security+ certification, and then planning to go for some more advanced certs, as well as CISSP (when I’m eligible). Is this a good plan?
What are your guys' opinions on security assessors in the present, and in the future?
P.S. Here is a quick and easy description of my job. I am the one who essentially calculates the level of risk associated with various projects and applications that want to enter the production environment at my organization. The main way this is accomplished is through an SA&A process (security assessment & authorization). During this process, I create a security control profile (based off of the ITSG-33 Framework) which the client provides evidence for. I then assess the evidence for each of these controls and determine the overall residual risk level of the system, which is summarized in various reports that I create afterwards.